1. Field of the Invention
This invention relates to electronic commerce transactions. In particular, the invention relates to a system, device, and method for providing secure electronic commerce transactions.
2. Description of Related Art
Today, the term electronic commerce has come to be associated with the buying and selling of tangible assets (e.g. goods), services, and intangible digital assets over the Internet between a business and a connected computer user. Further, electronic commerce also typically involves some method of securing transactions, authorizing payments, and moving money between accounts.
Electronic commerce also involves business-to-business transactions, expanding on the older and more traditional EDI (Electronic Data Interchange) techniques of exchanging purchase orders, invoices, and other documents in electronic form. EDI and other forms of business transactions have been taking place over public and private networks for some time. The financial system literally runs over the telecommunication network. For example, millions of stock market transactions take place everyday using electronic means.
However, what is different with electronic commerce using the Internet, is that these transactions take place over public networks between buyers and sellers who may not have had any previous business relationship. The element of trust is missing and must be established in some way. Thus, electronic transactions need to be secure between the buyer and seller, which today, is not always the case.
Nonetheless, the Internet today has become a gateway for connected users to purchase a wide variety of tangible assets, services, and intangible digital assets. Today, tangible assets such as books, CDs, home appliances, or any type of retail good, can now be purchased from a supplier over the Internet. Moreover, intangible digital assets such as music, videos, movies, multimedia, software, etc. can also increasingly be purchased over the Internet and downloaded to the connected user. With the Internet's 24-hr. availability, global reach, ability to interact and provide custom information and ordering, and multimedia interaction with customers, the use of the Internet is rapidly becoming a multi-billion dollar source of revenue for today's businesses that have a world-wide presence via the Internet.
Desired security features for Internet based electronic commerce transactions include authenticating business transactors, controlling access to resources such as Web pages for registered users, encrypting communications, and, in general ensuring the privacy and effectiveness of transactions. Today, among the most widely used security technologies is the secure sockets layer (SSL), which is built into both of the leading Web browsers. SSL is a transport-level protocol developed by Netscape that provides channel security. With SSL, the client and server use a handshaking technique to agree on the level of security they want to use during a session. Authentication takes place over a secure channel, and all information transmitted during a session is encrypted.
Unfortunately, even with the security features provided by SSL in conjunction with other security features commonly offered by Web-based businesses, proper security is still lacking. For example, often the ability to positively determine whether a transmission is from an authentic source or from someone or something masquerading as that source is often completely lacking in Internet based transactions.
In most of today's Internet based transactions, a customer cannot be uniquely identified and authenticated by a Web-based businesses' server with a high degree of trust. Further, because of a lack of readily available techniques to uniquely identify a customer and to specifically encrypt digital assets (e.g. music, videos, movies, multimedia, software, etc.) for that uniquely identified customer, content owners have been hesitant to provide digital assets directly to potential customers over the Internet or to license digital assets to third party providers who can then provide them to customers over the Internet—due to the fear of unauthorized duplication of the digital asset. Moreover, techniques are not readily available to track and record the purchase, rental, and number of uses of digital assets by a customer, either directly by the content owner, or indirectly by a third party provider. Accordingly, it is difficult for a third party provider to accurately report transactions regarding licensed digital assets to the ultimate content owner for licensing fees (e.g. royalty tracking). This further limits the potential benefit of the Internet to be used to sell and provide digital assets to customers and to provide a secure revenue opportunity for content providers (especially the ultimate content owner (i.e. the copyright holder)).